
Artem Hatchenko artem-hatchenko

artem-hatchenko / ec2_spots_eip_iam_policy.json
Created January 5, 2024 21:32
ec2_spots_eip_iam_policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"dynamodb:Scan",
"dynamodb:PutItem",
"dynamodb:UpdateItem"
],
artem-hatchenko / ecs_opensearch_log_policy.json
Created December 30, 2023 15:16
ecs_opensearch_log_policy.json
{
"Version": "2012-10-17",
"Statement": [
{
"Effect": "Allow",
"Action": [
"es:ESHttpPost",
"es:ESHttpPut"
],
"Resource": "arn:aws:es:us-east-1:XXXXXXXXXXXX:domain/sandbox"
artem-hatchenko / ecs_task_execution_role_trusted_policy.json
Created December 30, 2023 14:54
ecs_task_execution_role_trusted_policy.json
{
"Version": "2008-10-17",
"Statement": [
{
"Sid": "",
"Effect": "Allow",
"Principal": {
"Service": "ecs-tasks.amazonaws.com"
},
"Action": "sts:AssumeRole"
artem-hatchenko / ecs_task_definition_firelens_opensearch.json
Created December 30, 2023 14:41
ecs_task_definition_firelens_opensearch.json
{
"family": "nginx",
"executionRoleArn": "arn:aws:iam::XXXXXXXXXXXX:role/ecsTaskExecutionRole",
"taskRoleArn": "arn:aws:iam::XXXXXXXXXXXX:role/Sandbox-ECS-Nginx-Service-Role",
"containerDefinitions": [
{
"name": "log_router",
"image": "docker.io/amazon/aws-for-fluent-bit:latest",
"cpu": 0,
"memoryReservation": 50,
artem-hatchenko / alb_cognito_oidc_rule.tf
Created December 23, 2023 20:49
alb_cognito_oidc_rule.tf
resource "aws_lb_listener_rule" "cognito" {
listener_arn = aws_alb_listener.kibana-listener-https.arn
### ALB in "eu-west-3" region doesn't support "authenticate-cognito" method ###
# action {
# type = "authenticate-cognito"
# authenticate_cognito {
# scope = "openid"
# user_pool_arn = var.cognito_user_pool_arn
artem-hatchenko / php.ini
Created December 8, 2023 18:08
php.ini
; PHP hardening overrides: each directive below turns off a convenience
; feature that widens the attack surface of a web-facing PHP runtime.

; Do not let PHP guess which script to run from PATH_INFO. With the fix-up
; enabled, a CGI/FastCGI front end that forwards any path ending in ".php"
; can cause a non-PHP file (for example an upload) to be executed as PHP.
cgi.fix_pathinfo = 0
; Only "<?php" and "<?=" open a PHP block; a bare "<?" is treated as text.
short_open_tag = Off
; Never send error text to the client: messages can reveal file paths,
; queries and configuration. Keep errors in the server log instead
; (see the log_errors / error_log directives).
display_errors = Off
; Same as above for errors raised while PHP itself is starting up.
display_startup_errors = Off
; File functions (fopen, file_get_contents, ...) may not open http:// or
; ftp:// URLs, which removes one route to server-side request forgery.
allow_url_fopen = Off
; include/require may not load code from a URL (remote file inclusion).
; Off is already the PHP default; stating it makes the intent explicit.
allow_url_include = Off
artem-hatchenko / disable_functions.ini
Created December 8, 2023 17:17
disable_functions.ini
; Built-in functions removed from the PHP runtime:
;   exec, passthru, shell_exec, system, proc_open, popen
;       start operating-system processes (disabling shell_exec also
;       disables the backtick operator)
;   curl_exec, curl_multi_exec
;       perform outbound requests through cURL
;   parse_ini_file, show_source
;       read configuration files / print highlighted source code
; This directive is honoured only from the ini files PHP loads at start-up;
; it cannot be changed with ini_set() or per-directory settings.
; Treat it as defence in depth, not a sandbox: it covers only the names
; listed, so review the loaded extensions for other process or network
; primitives (for example pcntl_exec when the pcntl extension is present)
; and pair it with an unprivileged PHP user and open_basedir.
disable_functions = exec,passthru,shell_exec,system,proc_open,popen,curl_exec,curl_multi_exec,parse_ini_file,show_source
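# Summarise the report files: count the lines that look like findings.
# A line is counted unless it is blank, an "N issue(s) found:" banner, or a
# section header ("ENVIRONMENT: ..." / "MODULE: ./...").
# Globals:
#   ENVIRONMENT_OUTPUT, MODULES_OUTPUT - report paths (read; set elsewhere)
#   ENVIRONMENT_STAT, MODULE_STAT      - resulting counts (written)
#
# The report paths are quoted and handed to grep as file arguments, so a path
# with spaces or glob characters is read as one file, and an empty variable
# produces a grep error instead of a pipeline that blocks reading stdin.
# Each pipeline still ends in "wc -l" (not "grep -c") so that a zero count
# keeps exit status 0 for the assignment.
#
# NOTE(review): a missing or unreadable ENVIRONMENT_OUTPUT yields a count of
# 0, which is indistinguishable from a clean run. If these counts gate a
# pipeline, confirm the caller treats a missing report as a failure.
ENVIRONMENT_STAT="$(grep -v -e '^$' -- "$ENVIRONMENT_OUTPUT" \
  | grep -v -P '^[0-9]+\ +issue\(s\)\ +found:' \
  | grep -v -P '^(ENVIRONMENT: .[a-zA-Z]+.*)' \
  | wc -l)"

if [[ -f "$MODULES_OUTPUT" ]]; then
  MODULE_STAT="$(grep -v -e '^$' -- "$MODULES_OUTPUT" \
    | grep -v -P '^[0-9]+\ +issue\(s\)\ +found:' \
    | grep -v -P '^(MODULE: .\/[a-z0-9]+.*)' \
    | wc -l)"
else
  # No module report was produced, so there is nothing to count.
  MODULE_STAT="0"
fi

# Four blank lines to separate the summary from the preceding output.
printf '\n\n\n\n'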
# Block for the modules
check_modules() {
# Run the "tflint" command and write the result to the $MODULES_OUTPUT file
cd $TF_DIR/$MODULE_DIR/$1
echo -e "\nMODULE: $1" | tee -a $MODULES_OUTPUT
if grep -qP '^module' *.tf
then echo "Found module call. Running terraform init..."
terraform init &>/dev/null
$TFLIT --config $MODULES_CONF_FILE | tee -a $MODULES_OUTPUT
rm -rf .terraform*
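# Build the list of ALL module directories, relative to the modules root, in
# the form "./rds/common", "./rds/instance", etc. find emits one line per
# *.tf file, so a directory appears once for every *.tf file it contains.
# "cd ... &&" stops find from scanning the caller's working directory when the
# modules root cannot be entered; MODULES is then left empty.
# NOTE(review): if TF_DIR and MODULE_DIR are both empty the root becomes "/";
# confirm both are validated where they are set.
MODULES="$(cd -- "$TF_DIR/$MODULE_DIR" && find . -type f -name '*.tf' -exec dirname {} \;)"

# De-duplicate and sort. MODULES is passed quoted, one path per line, so a
# directory name containing spaces or glob characters stays a single entry.
SORTED="$(printf '%s\n' "$MODULES" | sort -u)"

# Split the comma-separated INPUT_MODULE_LIST (i.e. "ecr,rds,eks", "s3") into
# an array of the same name.
# NOTE(review): these names are caller-supplied and check_modules() appends
# its argument to the path it cd's into. Confirm that the membership test
# against SORTED rejects entries containing "/" or ".." before they are used.
IFS=',' read -ra INPUT_MODULE_LIST <<<"$INPUT_MODULE_LIST"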
#If the modules used (INPUT_MODULE_LIST variable) are in the list of all modules (SORTED variable),
# then we call the "check_modules()" function and use the "tflint" command for the module being checked
if [ -n "${INPUT_MODULE_LIST}" ]; then